From the Mandriva advisory:
Buffer overflow in the hfsplus_find_cat function in
fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows
attackers to cause a denial of service (memory corruption or
system crash) via an hfsplus filesystem image with an invalid
catalog namelength field, related to the hfsplus_cat_build_key_uni
function. (CVE-2008-4933)
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the
Linux kernel before 2.6.28-rc1 does not check a certain return value
from the read_mapping_page function before calling kmap, which allows
attackers to cause a denial of service (system crash) via a crafted
hfsplus filesystem image. (CVE-2008-4934)
The __scm_destroy function in net/core/scm.c in the Linux kernel
2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to
itself through calls to the fput function, which allows local users
to cause a denial of service (panic) via vectors related to sending
an SCM_RIGHTS message through a UNIX domain socket and closing file
descriptors. (CVE-2008-5029)
| 